function NodeAccessControlHandler::checkAccess

Same name in other branches
  1. 9 core/modules/node/src/NodeAccessControlHandler.php \Drupal\node\NodeAccessControlHandler::checkAccess()
  2. 8.9.x core/modules/node/src/NodeAccessControlHandler.php \Drupal\node\NodeAccessControlHandler::checkAccess()
  3. 10 core/modules/node/src/NodeAccessControlHandler.php \Drupal\node\NodeAccessControlHandler::checkAccess()

Overrides EntityAccessControlHandler::checkAccess

File

core/modules/node/src/NodeAccessControlHandler.php, line 130

Class

NodeAccessControlHandler
Defines the access control handler for the node entity type.

Namespace

Drupal\node

Code

protected function checkAccess(EntityInterface $node, $operation, AccountInterface $account) {
    assert($node instanceof NodeInterface);
    $cacheability = new CacheableMetadata();
    
    /** @var \Drupal\node\NodeInterface $node */
    if ($operation === 'view') {
        $result = $this->checkViewAccess($node, $account, $cacheability);
        if ($result !== NULL) {
            return $result;
        }
    }
    [
        $revision_permission_operation,
        $entity_operation,
    ] = static::REVISION_OPERATION_MAP[$operation] ?? [
        NULL,
        NULL,
    ];
    // Revision operations.
    if ($revision_permission_operation) {
        $cacheability->addCacheContexts([
            'user.permissions',
        ]);
        $bundle = $node->bundle();
        // If user doesn't have any of these then quit.
        if (!$account->hasPermission("{$revision_permission_operation} all revisions") && !$account->hasPermission("{$revision_permission_operation} {$bundle} revisions") && !$account->hasPermission('administer nodes')) {
            return AccessResult::neutral()->addCacheableDependency($cacheability);
        }
        // If the user has the view all revisions permission and this is the view
        // all revisions operation then we can allow access.
        if ($operation === 'view all revisions') {
            return AccessResult::allowed()->addCacheableDependency($cacheability);
        }
        // If this is the default revision, return access denied for revert or
        // delete operations.
        $cacheability->addCacheableDependency($node);
        if ($node->isDefaultRevision() && ($operation === 'revert revision' || $operation === 'delete revision')) {
            return AccessResult::forbidden()->addCacheableDependency($cacheability);
        }
        elseif ($account->hasPermission('administer nodes')) {
            return AccessResult::allowed()->addCacheableDependency($cacheability);
        }
        // First check the access to the default revision and finally, if the
        // node passed in is not the default revision then check access to
        // that, too.
        $node_storage = $this->entityTypeManager
            ->getStorage($node->getEntityTypeId());
        $access = $this->access($node_storage->load($node->id()), $entity_operation, $account, TRUE);
        if (!$node->isDefaultRevision()) {
            $access = $access->andIf($this->access($node, $entity_operation, $account, TRUE));
        }
        return $access->addCacheableDependency($cacheability);
    }
    // Evaluate node grants.
    $access_result = $this->grantStorage
        ->access($node, $operation, $account);
    if ($access_result instanceof RefinableCacheableDependencyInterface) {
        $access_result->addCacheableDependency($cacheability);
    }
    return $access_result;
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.